Category Archives: Internal controls

External governance

“Rebuke at Wells Shows Clash,” The Wall Street Journal, November 15, 2018 B1.  Chief administrative officer (and former head of HR) at Wells placed on leave after the Office of the Comptroller of the Currency criticizes the oversight that she and the bank’s chief auditor provided.

If your company interacts with government regulators (and whose doesn’t?), is the government effectively a part of your governance structure?  Or is government a separate component of Governance, whether that is Compliance Governance or Information Governance?  Or just “Governance”?

And what does it say about communications when the government holds up a senior official for poor oversight?  What about the board?  Highly visible to the worker bees.

Filed under Board, Communications, Compliance, Compliance, Compliance (General), Controls, Corporation, Duty, Employees, Governance, Government, Internal controls, Management, Oversight, Oversight, Third parties, To report

Very interesting

“Beware the ‘Free’ Internet,” The Wall Street Journal, November 15, 2018 A2.  How much money do Facebook, Twitter, and Google get from allowing others to access you based on your data?

The article makes an interesting comparison to Wikipedia, where a large amount of information is made available for free, without advertising.  That’s truly free.  As opposed to social media.

How much is your data worth?  To you?  To Google?  Do you agree with the implicit bargain, whereby you give use of your information in return for cat videos and an endless stream of ads?

Filed under Access, Collect, Controls, Information, Internal controls, Management, Ownership, Third parties, Use, Value

Access

“CNN Sues the White House, Seeks Return of Press Pass,” The Wall Street Journal, November 14, 2018 A3.  Can the White House refuse to let a member of the press into the White House for being rude?

Avoid for now the political implications of this, and what the First Amendment and the Fifth Amendment provide.  Think instead about who can deny a single individual access to information, while providing access to 190 other people.

Who is entitled to access information in your company?  What controls are in place to make sure that people who shouldn’t have access don’t get access?  Who determines what those controls are?  Who enforces them?  Is part of this culture?

Filed under Access, Compliance (General), Controls, Culture, Duty, Governance, Government, Internal controls, Policy, Third parties, Uncategorized

Where’s Rose Mary Woods?

“Trudeau Says Canadians Heard Khashoggi Tapes,” The Wall Street Journal, November 13, 2018 A7. Canadian intelligence officials hear audio tapes related to killing.

One assumes that this is a tape of some conversation picked up by intelligence folks after the killing, and not a recording of the killing itself.  Unless someone wanted to have proof for the boss.  Perhaps intelligence agencies spy on other governments or phone calls.

Often, people think information governance is all about the written word.  But the spoken word is information, too, whether it is recorded or not.  It’s just a problem of proof.  Is someone listening or taping your conversation?  Would it matter?

Filed under Access, Accuracy, Communications, Controls, Definition, Duty, Governance, Government, Information, Internal controls, Risk assessment, Security, Third parties

Too much information?

“Boeing Withheld Data On Potential Hazards,” The Wall Street Journal, November 13, 2018 A1.  Did Boeing fail to disclose potential problems with its new flight-control feature?  Was that a factor in the Lion Air crash in Indonesia, which killed 189 people?

Maybe this feature didn’t factor into the crash; we’ll have to wait for the cockpit voice recorder and the flight data recorder.  But if you know something and don’t tell other people who would like to know — well, that’s bad.  Even if you didn’t want to confuse them by providing them too much information.  Was it better “marketing” to tell their customers that they wouldn’t need as much training?

How do you decide how much information to provide your customers?  Are there problems you don’t mention?  Why?

Filed under Access, Accuracy, Communicate, Communications, Controls, Corporation, Data quality, Duty, Duty of Care, Governance, Information, Internal controls, Management, Risk assessment, Third parties

The government does it better

In the macro sense, one of the bits of information that we own, manage, and hopefully control is who we are. How does the government control and manage this?

“Banks Find Solutions for ID Fraud at DMV,” The Wall Street Journal, November 13, 2018 B10.  Banks may use DMV databases to verify your online identity, because establishing your identity to get a driver’s license normally involves appearing in person and providing supporting documents.

Key to the process at the DMV is the trained person who checks your supporting documents.  The banks want to leverage that person’s knowledge and experience, rather than relying on a bank manager to do it.

Where else in our lives do we rely on government employees rather than ourselves as a critical control?

Filed under Access, Accuracy, Controls, Data quality, Definition, Duty of Care, Governance, Information, Internal controls, Knowledge Management, Operations, Oversight, Privacy, Protect assets, Third parties, Use

Indicted

A Tesla employee is indicted for creating fake documents to cover up a fake-payment scheme.  “Former Tesla Employee Is Indicted,” The Wall Street Journal, November 12, 2018 B5.

Companies have a lot of controls to prevent fraud by employees, and often these controls work.  Why are there more such controls to prevent financial fraud than to prevent violations of other company procedures, such as those related to document creation, retention, and storage?

One wonders whether, in the aggregate, companies lose more money through poor document management and control than they lose through financial fraud.  How would one conduct such a study?

Filed under Accuracy, Compliance, Compliance (General), Controls, Corporation, Directors, Duty, Duty of Care, Employees, Governance, Information, Internal controls, Oversight, Protect assets, Records Management, Security, Third parties, Value, Vendors